GDPR & Data
GoodLogs takes data privacy seriously. Here's how we handle your data, deletion, and restoration.
Data Export
Organization owners can export all their data via GET /api/orgs/:id/gdpr/export. This returns:
- User profile (email, name, creation date)
- Organization details and plan
- Project list (including soft-deleted projects)
- API key metadata (prefix, type, scopes — never hashes)
- Event, log, and alert rule counts
Deleting a Project
Dashboard → Settings → Danger Zone → Delete Project
Projects are soft-deleted with a 30-day restore window:
- The project is immediately hidden from your dashboard
- All API keys are revoked — SDKs will stop sending data
- After 30 days, the project and all its data (logs, events, alerts) are permanently removed
To restore a project within the 30-day window, use the REST API:
POST /api/orgs/:org_id/projects/:project_id/restore
If restoring would exceed your plan's project limit, the API returns a 402 with quota details and an upgrade suggestion. Pass ?force=true to restore anyway.
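An added client-side sketch of the restore call above (not GoodLogs' own code): it sends `?force=true` only after a 402 and only when the caller has opted in, so a plan-limit overrun is never silent. The host name, the bearer-token header on this endpoint, JSON response bodies, and the function names are assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: placeholder base URL; the page does not state the API host.
BASE_URL = "https://goodlogs.example"


def http_post(url, token):
    """POST with a bearer token; return (status, parsed JSON body or None)."""
    req = urllib.request.Request(
        url, method="POST", headers={"Authorization": f"Bearer {token}"}
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        status, raw = err.code, err.read()
    try:
        body = json.loads(raw) if raw else None
    except ValueError:
        body = None
    return status, body


def restore_project(org_id, project_id, token, allow_force=False, post=http_post):
    """Restore a soft-deleted project.

    Returns (outcome, body) where outcome is "restored", "forced" or
    "over_quota". ?force=true is sent only after a 402 and only when the
    caller opted in.
    """
    # Percent-encode IDs so a stray "/" or "?" cannot change the request path.
    org = urllib.parse.quote(str(org_id), safe="")
    proj = urllib.parse.quote(str(project_id), safe="")
    url = f"{BASE_URL}/api/orgs/{org}/projects/{proj}/restore"

    status, body = post(url, token)
    if status == 402:
        if not allow_force:
            return "over_quota", body  # quota details for the operator to review
        status, body = post(url + "?force=true", token)
        if 200 <= status < 300:
            return "forced", body
    if 200 <= status < 300:
        return "restored", body
    raise RuntimeError(f"restore failed with HTTP {status}")
```
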
Deleting an API Key
Dashboard → Settings → API Keys → Delete
API keys are soft-deleted with a 30-day restore window:
- The key is immediately revoked and hidden from the active list
- It appears in the Recently Deleted section
- Click Restore to reactivate it
You can also revoke a key without deleting it (disables the key but keeps it visible). Revoked keys can be unrevoked at any time.
Deleting Your Account
Dashboard → Settings → Account → Delete Account
Accounts are soft-deleted with a 30-day restore window:
- Your user account, all owned organizations, projects, and API keys are deactivated
- All SDKs and integrations stop working immediately
- Your email is reserved — no one else can register with it during the 30-day window
Restoring Your Account
If you deleted your account and want it back, simply log in with your email and password within 30 days. You'll see a restore screen with:
- How many days remain before permanent deletion
- A Restore My Account button that reactivates everything instantly
- All projects, API keys, team members, and data are restored exactly as they were
If you try to sign up with a deleted email, you'll see the same restore prompt instead of creating a new account.
POST /api/auth/account/restore
Body: { "email": "...", "password": "..." }
What gets restored?
| Resource | Restored? |
|---|---|
| User account | ✓ |
| Organizations you own | ✓ |
| All projects | ✓ |
| All API keys | ✓ (reactivated) |
| Logs & events data | ✓ (if within retention period) |
| Team members | ✓ |
| Plan & billing | ✓ |
GDPR Right to Erasure (Immediate Hard Delete)
For GDPR compliance, you can request immediate permanent deletion with no restore window:
DELETE /api/auth/account?immediate=true
Authorization: Bearer <your-token>
This permanently removes:
- Your user account and all personal data
- All owned organizations, projects, and API keys
- All events, logs, alert rules, and AI conversations
- All memberships and billing records
After immediate deletion, you can sign up again with the same email as a fresh account — no previous data will remain.
Data Retention
Event and log data is retained according to your plan:
| Plan | Retention |
|---|---|
| Free | 3 days |
| Starter | 14 days |
| Pro | 90 days |
| Team | 365 days |
After the retention period, data is automatically purged. Soft-deleted resources (projects, keys, accounts) are permanently removed after 30 days by a daily cleanup task.
Where Data Is Stored
All data is stored in Azure PostgreSQL with encryption at rest and TLS in transit across three regions (US, EU, AP). No data is shared with third parties except:
- Azure OpenAI — your logs/events are sent to GPT-4o for AI debugging queries (only when you explicitly use AI Chat)
- Paddle — payment processing (no log data shared)
Data Requests
For data access, portability, or deletion requests, contact support@goodlogs.ajaysharma.dev.